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DES and IDEA Cipher Suites for Transport Layer Security (TLS) 
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Abstract 


Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 
4346) include cipher suites based on DES (Data Encryption Standard) 
and IDEA (International Data Encryption Algorithm) algorithms. DES 
(when used in single-DES mode) and IDEA are no longer recommended for 
general use in TLS, and have been removed from TLS version 1.2 (RFC 
5246). This document specifies these cipher suites for completeness 
and discusses reasons why their use is no longer recommended. 


1. Introduction 


TLS versions 1.0 [TLS10] and 1.1 [TLS11] include cipher suites based 
on DES (Data Encryption Standard) and IDEA (International Data 
Encryption Algorithm) algorithms. DES (when used in single-DES mode) 
and IDEA are no longer recommended for general use in TLS, and have 
been removed from TLS version 1.2 [TLS12]. 


This document specifies these cipher suites for completeness and 
discusses reasons why their use is no longer recommended. 


The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", “SHALL NOT", 
"SHOULD", “SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 
document are to be interpreted as described in [REQ]. 
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4. 


4. 


DES Cipher Suites 


DES (Data Encryption Standard) is a block cipher that was originally 
approved as a US federal standard in 1976, and is specified in [DES]. 


For TLS key generation purposes, DES is treated as having a 64-bit 
key, but it still provides only 56 bits of protection, as 8 of the 64 
bits are not used by the algorithm. DES uses a 64-bit block size. 


The following cipher suites have been defined for using DES in Cipher 
Block Chaining (CBC) mode in TLS: 


CipherSuite TLS_RSA_WITH_DES_CBC_SHA = 
CipherSuite TLS_DH_DSS_WITH_DES_CBC_SHA = 
CipherSuite TLS_DH_RSA_WITH_DES_CBC_SHA = 
CipherSuite TLS_DHE_DSS_WITH_ DES _CBC_SHA = 
CipherSuite TLS_DHE_ RSA WITH _DES_CBC_SHA = 
CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA = 


0x00,0x09 }; 
0x00,0x0C }; 
0x00, 0x0F }; 
0x00, 0x12 }; 
0x00, 0x15 }; 
0x00,0x1A }; 


AAAS 


The key exchange algorithms (RSA, DH_DSS, DH_RSA, DHE_DSS, DHE_RSA, 
and DH_anon) and the MAC (Message Authentication Code) algorithm 
(SHA) are defined in the base TLS specification. 


IDEA Cipher Suite 


IDEA (International Data Encryption Algorithm) is a block cipher 
designed by Xuejia Lai and James Massey [IDEA] [SCH]. IDEA uses a 
128-bit key and operates on 64-bit blocks. 


The following cipher suite has been defined for using IDEA in CBC 
mode in TLS: 


CipherSuite TLS_RSA_WITH_IDEA_CBC_SHA = { 0x00,0x07 }; 


The key exchange algorithm (RSA) and the MAC algorithm (SHA) are 
defined in the base TLS specification. 


Security Considerations 
1. DES Cipher Suites 


DES has an effective key strength of 56 bits, which has been known to 
be vulnerable to practical brute force attacks for over 20 years 
[DH]. A relatively recent 2006 paper by Kumar, et al. [COPA] 
describes a system that performs an exhaustive key search in less 
than nine days on average, and costs less than 10,000 USD to build. 
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Given this, the single-DES cipher suites SHOULD NOT be implemented by 
TLS libraries. If a TLS library implements these cipher suites, it 
SHOULD NOT enable them by default. Experience has also shown that 
rarely used code is a source of security and interoperability 
problems, so existing implementations SHOULD consider removing these 
cipher suites. 


4.2. IDEA Cipher Suite 


IDEA has a 128-bit key, and thus is not vulnerable to an exhaustive 
key search. However, the IDEA cipher suite for TLS has not seen 
widespread use: most implementations either do not support it, do not 
enable it by default, or do not negotiate it when other algorithms 
(such as AES, 3DES, or RC4) are available. 


Experience has shown that rarely used code is a source of security 
and interoperability problems; given this, the IDEA cipher suite 
SHOULD NOT be implemented by TLS libraries and SHOULD be removed from 
existing implementations. 


5. IANA Considerations 


IANA has already allocated values for the cipher suites described in 
this document in the TLS Cipher Suite Registry, defined in [TLS11]. 
IANA has updated the references of these cipher suites to point to 
this document: 


Value Description Reference 
0x00, 0x07 TLS_RSA_WITH_IDEA_CBC_SHA [RFC5469] 
0x00, 0x09 TLS_RSA_WITH_DES_CBC_SHA [RFC5469] 
0x00, 0x0C TLS_DH_DSS_WITH_DES_CBC_SHA [RFC5469] 
0x00, Ox0F TLS_DH_RSA_WITH_DES_CBC_SHA [RFC5469] 
0x00, 0x12 TLS_DHE_DSS_WITH_DES_CBC_SHA [RFC5469] 
0x00, 0x15 TLS_DHE_RSA_WITH_DES_CBC_SHA [RFC5469] 
0x00, 0x1A TLS_DH_anon_WITH_DES_CBC_SHA [RFC5469] 


This document does not create any new registries to be maintained by 
IANA, and does not require any new assignments from existing 
registries. 
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